From nobody Wed Nov 12 01:53:56 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1567199353; cv=none; d=zoho.com; s=zohoarc; b=HTMEdtNifb7RUNYpzfd3oM5WSmHQ6uIFj6vcSyYCdfIpd4Fi8/TR02yhMBTqks3H8+zB1YRS197kzMBpxmU1n0b/3h7CdwQQtL/9B0tgDVwZpsl33w1kid7p8OhARTYHvQ1kPUS/1On8mWEIlkYK1/1AHzMfxm1/85O8+1Em8i0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1567199353; h=Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=mZIlpxayXBr0y9FeiYeqLc7ZlI7eXlyDZ+dhHSLQP6Q=; b=YW3sTsBNM/yUOmMm0b+kcc0MoJfQPqM/W7bI/GUkZqeTj40JhCaix0U3qRJpUFMZJxWpXUjkpV4RYyV1CDhxS4emiTd/VHK9odU7a+mB57DUE4ZPQitd8fy7cIRh7DGSknyZyD0W/4ywrWwX+MGsgVD+0Sf5iJhu1+gcbEUokOg= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1567199353663687.2804945946019; Fri, 30 Aug 2019 14:09:13 -0700 (PDT) Received: from localhost ([::1]:41176 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i3o8u-00057l-IP for importer@patchew.org; Fri, 30 Aug 2019 17:09:12 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47868) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i3nxR-0003W1-29 for qemu-devel@nongnu.org; Fri, 30 Aug 2019 16:57:24 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1i3nxH-0001oV-0I for qemu-devel@nongnu.org; Fri, 30 Aug 2019 16:57:16 -0400 Received: from mx1.redhat.com ([209.132.183.28]:45776) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1i3nww-0001ek-DI; Fri, 30 Aug 2019 16:56:51 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id B1740308218D; Fri, 30 Aug 2019 20:56:49 +0000 (UTC) Received: from maximlenovopc.usersys.redhat.com (unknown [10.35.206.29]) by smtp.corp.redhat.com (Postfix) with ESMTP id 605B55DAAE; Fri, 30 Aug 2019 20:56:47 +0000 (UTC) From: Maxim Levitsky To: qemu-devel@nongnu.org Date: Fri, 30 Aug 2019 23:56:08 +0300 Message-Id: <20190830205608.18192-11-mlevitsk@redhat.com> In-Reply-To: <20190830205608.18192-1-mlevitsk@redhat.com> References: <20190830205608.18192-1-mlevitsk@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.47]); Fri, 30 Aug 2019 20:56:49 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH 10/10] iotests : add tests for encryption key management X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , qemu-block@nongnu.org, Markus Armbruster , Max Reitz , Maxim Levitsky , John Snow Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Note that currently I add tests 300-302, which are placeholders to ease the rebase. In final version of these patches I will update these. Signed-off-by: Maxim Levitsky --- tests/qemu-iotests/087.out | 6 +- tests/qemu-iotests/134.out | 2 +- tests/qemu-iotests/158.out | 4 +- tests/qemu-iotests/188.out | 2 +- tests/qemu-iotests/189.out | 4 +- tests/qemu-iotests/198.out | 4 +- tests/qemu-iotests/300 | 202 +++++++++++++++++++++++++ tests/qemu-iotests/300.out | 98 ++++++++++++ tests/qemu-iotests/301 | 90 +++++++++++ tests/qemu-iotests/301.out | 30 ++++ tests/qemu-iotests/302 | 247 +++++++++++++++++++++++++++++++ tests/qemu-iotests/302.out | 18 +++ tests/qemu-iotests/common.filter | 6 +- tests/qemu-iotests/group | 8 + 14 files changed, 708 insertions(+), 13 deletions(-) create mode 100755 tests/qemu-iotests/300 create mode 100644 tests/qemu-iotests/300.out create mode 100755 tests/qemu-iotests/301 create mode 100644 tests/qemu-iotests/301.out create mode 100644 tests/qemu-iotests/302 create mode 100644 tests/qemu-iotests/302.out diff --git a/tests/qemu-iotests/087.out b/tests/qemu-iotests/087.out index 2d92ea847b..b61ba638af 100644 --- a/tests/qemu-iotests/087.out +++ b/tests/qemu-iotests/087.out @@ -34,7 +34,7 @@ QMP_VERSION =20 =3D=3D=3D Encrypted image QCow =3D=3D=3D =20 -Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D134217728 encryption= =3Don encrypt.key-secret=3Dsec0 +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D134217728 encryption= =3Don Testing: QMP_VERSION {"return": {}} @@ -46,7 +46,7 @@ QMP_VERSION =20 =3D=3D=3D Encrypted image LUKS =3D=3D=3D =20 -Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D134217728 encrypt.form= at=3Dluks encrypt.key-secret=3Dsec0 +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D134217728 Testing: QMP_VERSION {"return": {}} @@ -58,7 +58,7 @@ QMP_VERSION =20 =3D=3D=3D Missing driver =3D=3D=3D =20 -Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D134217728 encryption= =3Don encrypt.key-secret=3Dsec0 +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D134217728 encryption= =3Don Testing: -S QMP_VERSION {"return": {}} diff --git a/tests/qemu-iotests/134.out b/tests/qemu-iotests/134.out index 09d46f6b17..4abc5b5f7d 100644 --- a/tests/qemu-iotests/134.out +++ b/tests/qemu-iotests/134.out @@ -1,5 +1,5 @@ QA output created by 134 -Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D134217728 encryption= =3Don encrypt.key-secret=3Dsec0 +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D134217728 encryption= =3Don =20 =3D=3D reading whole image =3D=3D read 134217728/134217728 bytes at offset 0 diff --git a/tests/qemu-iotests/158.out b/tests/qemu-iotests/158.out index 6def216e55..f28a17626b 100644 --- a/tests/qemu-iotests/158.out +++ b/tests/qemu-iotests/158.out @@ -1,6 +1,6 @@ QA output created by 158 =3D=3D create base =3D=3D -Formatting 'TEST_DIR/t.IMGFMT.base', fmt=3DIMGFMT size=3D134217728 encrypt= ion=3Don encrypt.key-secret=3Dsec0 +Formatting 'TEST_DIR/t.IMGFMT.base', fmt=3DIMGFMT size=3D134217728 encrypt= ion=3Don =20 =3D=3D writing whole image =3D=3D wrote 134217728/134217728 bytes at offset 0 @@ -10,7 +10,7 @@ wrote 134217728/134217728 bytes at offset 0 read 134217728/134217728 bytes at offset 0 128 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) =3D=3D create overlay =3D=3D -Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D134217728 backing_file= =3DTEST_DIR/t.IMGFMT.base encryption=3Don encrypt.key-secret=3Dsec0 +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D134217728 backing_file= =3DTEST_DIR/t.IMGFMT.base encryption=3Don =20 =3D=3D writing part of a cluster =3D=3D wrote 1024/1024 bytes at offset 0 diff --git a/tests/qemu-iotests/188.out b/tests/qemu-iotests/188.out index c568ef3701..5426861b18 100644 --- a/tests/qemu-iotests/188.out +++ b/tests/qemu-iotests/188.out @@ -1,5 +1,5 @@ QA output created by 188 -Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D16777216 encrypt.forma= t=3Dluks encrypt.key-secret=3Dsec0 encrypt.iter-time=3D10 +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D16777216 =20 =3D=3D reading whole image =3D=3D read 16777216/16777216 bytes at offset 0 diff --git a/tests/qemu-iotests/189.out b/tests/qemu-iotests/189.out index a0b7c9c24c..bc213cbe14 100644 --- a/tests/qemu-iotests/189.out +++ b/tests/qemu-iotests/189.out @@ -1,6 +1,6 @@ QA output created by 189 =3D=3D create base =3D=3D -Formatting 'TEST_DIR/t.IMGFMT.base', fmt=3DIMGFMT size=3D16777216 encrypt.= format=3Dluks encrypt.key-secret=3Dsec0 encrypt.iter-time=3D10 +Formatting 'TEST_DIR/t.IMGFMT.base', fmt=3DIMGFMT size=3D16777216 =20 =3D=3D writing whole image =3D=3D wrote 16777216/16777216 bytes at offset 0 @@ -10,7 +10,7 @@ wrote 16777216/16777216 bytes at offset 0 read 16777216/16777216 bytes at offset 0 16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) =3D=3D create overlay =3D=3D -Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D16777216 backing_file= =3DTEST_DIR/t.IMGFMT.base encrypt.format=3Dluks encrypt.key-secret=3Dsec1 e= ncrypt.iter-time=3D10 +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D16777216 backing_file= =3DTEST_DIR/t.IMGFMT.base =20 =3D=3D writing part of a cluster =3D=3D wrote 1024/1024 bytes at offset 0 diff --git a/tests/qemu-iotests/198.out b/tests/qemu-iotests/198.out index e86b175e39..2eff420795 100644 --- a/tests/qemu-iotests/198.out +++ b/tests/qemu-iotests/198.out @@ -1,12 +1,12 @@ QA output created by 198 =3D=3D create base =3D=3D -Formatting 'TEST_DIR/t.IMGFMT.base', fmt=3DIMGFMT size=3D16777216 encrypt.= format=3Dluks encrypt.key-secret=3Dsec0 encrypt.iter-time=3D10 +Formatting 'TEST_DIR/t.IMGFMT.base', fmt=3DIMGFMT size=3D16777216 =20 =3D=3D writing whole image base =3D=3D wrote 16777216/16777216 bytes at offset 0 16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) =3D=3D create overlay =3D=3D -Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D16777216 backing_file= =3DTEST_DIR/t.IMGFMT.base encrypt.format=3Dluks encrypt.key-secret=3Dsec1 e= ncrypt.iter-time=3D10 +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D16777216 backing_file= =3DTEST_DIR/t.IMGFMT.base =20 =3D=3D writing whole image layer =3D=3D wrote 16777216/16777216 bytes at offset 0 diff --git a/tests/qemu-iotests/300 b/tests/qemu-iotests/300 new file mode 100755 index 0000000000..5b65ef95de --- /dev/null +++ b/tests/qemu-iotests/300 @@ -0,0 +1,202 @@ +#!/usr/bin/env bash +# +# Test encryption key management with luks +# Based on 134 +# +# Copyright (C) 2019 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +# creator +owner=3Dmlevitsk@redhat.com + +seq=3D`basename $0` +echo "QA output created by $seq" + +status=3D1 # failure is the default! + +_cleanup() +{ + _cleanup_test_img +} +trap "_cleanup; exit \$status" 0 1 2 3 15 + +# get standard environment, filters and checks +. ./common.rc +. ./common.filter + +_supported_fmt qcow2 luks +_supported_proto file #TODO + +QEMU_IO_OPTIONS=3D$QEMU_IO_OPTIONS_NO_FMT + +if [ "$IMGFMT" =3D "qcow2" ] ; then + PR=3D"encrypt." + EXTRA_IMG_ARGS=3D"-o encrypt.format=3Dluks" +fi + + +# secrets: you are supposed to see the password as *******, see :-) +S0=3D"--object secret,id=3Dsec0,data=3Dhunter0" +S1=3D"--object secret,id=3Dsec1,data=3Dhunter1" +S2=3D"--object secret,id=3Dsec2,data=3Dhunter2" +S3=3D"--object secret,id=3Dsec3,data=3Dhunter3" +S4=3D"--object secret,id=3Dsec4,data=3Dhunter4" +SECRETS=3D"$S0 $S1 $S2 $S3 $S4" + +# image with given secret +IMGS0=3D"--image-opts driver=3D$IMGFMT,file.filename=3D$TEST_IMG,${PR}key-= secret=3Dsec0" +IMGS1=3D"--image-opts driver=3D$IMGFMT,file.filename=3D$TEST_IMG,${PR}key-= secret=3Dsec1" +IMGS2=3D"--image-opts driver=3D$IMGFMT,file.filename=3D$TEST_IMG,${PR}key-= secret=3Dsec2" +IMGS3=3D"--image-opts driver=3D$IMGFMT,file.filename=3D$TEST_IMG,${PR}key-= secret=3Dsec3" +IMGS4=3D"--image-opts driver=3D$IMGFMT,file.filename=3D$TEST_IMG,${PR}key-= secret=3Dsec4" + + +echo "=3D=3D creating a test image =3D=3D" +_make_test_img $S4 $EXTRA_IMG_ARGS -o ${PR}key-secret=3Dsec4,${PR}iter-tim= e=3D10,${PR}slot=3D4 32M + +echo +echo "=3D=3D test that key 4 opens the image =3D=3D" +$QEMU_IO $S4 -c "read 0 4096" $IMGS4 | _filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D adding a password to slot 0 =3D=3D" +$QEMU_IMG amend $SECRETS $IMGS4 -o ${PR}key-secret=3Dsec0,${PR}iter-time= =3D10 +echo "=3D=3D adding a password to slot 1 =3D=3D" +$QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}key-secret=3Dsec1,${PR}iter-time= =3D10 +echo "=3D=3D adding a password to slot 3 =3D=3D" +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}key-secret=3Dsec3,${PR}iter-time= =3D10,${PR}slot=3D3 +echo "=3D=3D adding a password to slot 2 =3D=3D" +$QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}key-secret=3Dsec2,${PR}iter-time= =3D10 + + +echo "=3D=3D erase slot 4 =3D=3D" +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}active=3Doff,${PR}slot=3D4 | _filt= er_img_create + + +echo +echo "=3D=3D all secrets should work =3D=3D" +for IMG in "$IMGS0" "$IMGS1" "$IMGS2" "$IMGS3"; do + $QEMU_IO $SECRETS -c "read 0 4096" $IMG | _filter_qemu_io | _filter_testd= ir +done + +echo +echo "=3D=3D erase slot 0 and try it =3D=3D" +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}active=3Doff,${PR}key-secret=3Dsec= 0 | _filter_img_create +$QEMU_IO $SECRETS -c "read 0 4096" $IMGS0 | _filter_qemu_io | _filter_test= dir + +echo +echo "=3D=3D erase slot 2 and try it =3D=3D" +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}active=3Doff,${PR}slot=3D2| _filte= r_img_create +$QEMU_IO $SECRETS -c "read 0 4096" $IMGS2 | _filter_qemu_io | _filter_test= dir + + +# at this point slots 1 and 3 should be active + +echo +echo "=3D=3D filling 4 slots with secret 2 =3D=3D" +for i in $(seq 0 3) ; do + $QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}key-secret=3Dsec2,${PR}iter-time= =3D10 +done + +echo +echo "=3D=3D adding secret 0 =3D=3D" + $QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}key-secret=3Dsec0,${PR}iter-time= =3D10 + +echo +echo "=3D=3D adding secret 3 (last slot) =3D=3D" + $QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}key-secret=3Dsec3,${PR}iter-time= =3D10 + +echo +echo "=3D=3D trying to add another slot (should fail) =3D=3D" +$QEMU_IMG amend $SECRETS $IMGS2 -o ${PR}key-secret=3Dsec3,${PR}iter-time= =3D10 + +echo +echo "=3D=3D all secrets should work again =3D=3D" +for IMG in "$IMGS0" "$IMGS1" "$IMGS2" "$IMGS3"; do + $QEMU_IO $SECRETS -c "read 0 4096" $IMG | _filter_qemu_io | _filter_testd= ir +done + +echo +echo "=3D=3D erase all keys of secret 2=3D=3D" +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}active=3Doff,${PR}key-secret=3Dsec2 +echo "=3D=3D erase all keys of secret 1=3D=3D" +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}active=3Doff,${PR}key-secret=3Dsec1 +echo "=3D=3D erase all keys of secret 0=3D=3D" +$QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}active=3Doff,${PR}key-secret=3Dsec0 +echo "=3D=3D erase all keys of secret 3, except a remaining key =3D=3D" +$QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}active=3Doff,${PR}key-secret=3Dsec3 + + +echo +echo "=3D=3D only secret3 should work now =3D=3D" +for IMG in "$IMGS0" "$IMGS1" "$IMGS2" "$IMGS3"; do + $QEMU_IO $SECRETS -c "read 0 4096" $IMG | _filter_qemu_io | _filter_testd= ir +done + +echo +echo "=3D=3D add secret0 =3D=3D" +$QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}key-secret=3Dsec0,${PR}iter-time= =3D10 + +echo "=3D=3D erase secret3 =3D=3D" +$QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}active=3Doff,${PR}key-secret=3Dsec3 + +echo +echo "=3D=3D only secret0 should work now =3D=3D" +for IMG in "$IMGS0" "$IMGS1" "$IMGS2" "$IMGS3"; do + $QEMU_IO $SECRETS -c "read 0 4096" $IMG | _filter_qemu_io | _filter_testd= ir +done + +echo +echo "=3D=3D replace secret0 with secret1 (should fail) =3D=3D" +$QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}key-secret=3Dsec1,${PR}iter-time= =3D10,${PR}slot=3D0 + +echo +echo "=3D=3D replace secret0 with secret1 with force (should work) =3D=3D" +$QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}key-secret=3Dsec1,${PR}iter-time= =3D10,${PR}slot=3D0 --force + +echo +echo "=3D=3D only secret1 should work now =3D=3D" +for IMG in "$IMGS0" "$IMGS1" "$IMGS2" "$IMGS3"; do + $QEMU_IO $SECRETS -c "read 0 4096" $IMG | _filter_qemu_io | _filter_testd= ir +done + + +echo +echo "=3D=3D erase last secret (should fail) =3D=3D" +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}active=3Doff,${PR}slot=3D0 +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}active=3Doff,${PR}key-secret=3Dsec1 + + +echo "=3D=3D erase non existing secrets (should fail) =3D=3D" +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}active=3Doff,${PR}key-secret=3Dsec= 5 --force +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}active=3Doff,${PR}key-secret=3Dsec= 0 --force +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}active=3Doff,${PR}slot=3D1 --force + +echo +echo "=3D=3D erase last secret with force by slot (should work) =3D=3D" +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}active=3Doff,${PR}slot=3D0 --force + +echo +echo "=3D=3D we have no secrets now, data is lost forever =3D=3D" +for IMG in "$IMGS0" "$IMGS1" "$IMGS2" "$IMGS3"; do + $QEMU_IO $SECRETS -c "read 0 4096" $IMG | _filter_qemu_io | _filter_testd= ir +done + +# success, all done +echo "*** done" +rm -f $seq.full +status=3D0 + diff --git a/tests/qemu-iotests/300.out b/tests/qemu-iotests/300.out new file mode 100644 index 0000000000..d809595381 --- /dev/null +++ b/tests/qemu-iotests/300.out @@ -0,0 +1,98 @@ +QA output created by 300 +=3D=3D creating a test image =3D=3D +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D33554432 + +=3D=3D test that key 4 opens the image =3D=3D +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D adding a password to slot 0 =3D=3D +=3D=3D adding a password to slot 1 =3D=3D +=3D=3D adding a password to slot 3 =3D=3D +=3D=3D adding a password to slot 2 =3D=3D +=3D=3D erase slot 4 =3D=3D + +=3D=3D all secrets should work =3D=3D +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D erase slot 0 and try it =3D=3D +qemu-io: can't open: Invalid password, cannot unlock any keyslot + +=3D=3D erase slot 2 and try it =3D=3D +qemu-io: can't open: Invalid password, cannot unlock any keyslot + +=3D=3D filling 4 slots with secret 2 =3D=3D + +=3D=3D adding secret 0 =3D=3D + +=3D=3D adding secret 3 (last slot) =3D=3D + +=3D=3D trying to add another slot (should fail) =3D=3D +qemu-img: Can't add a keyslot - all key slots are in use + +=3D=3D all secrets should work again =3D=3D +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D erase all keys of secret 2=3D=3D +=3D=3D erase all keys of secret 1=3D=3D +=3D=3D erase all keys of secret 0=3D=3D +=3D=3D erase all keys of secret 3, except a remaining key =3D=3D + +=3D=3D only secret3 should work now =3D=3D +qemu-io: can't open: Invalid password, cannot unlock any keyslot +qemu-io: can't open: Invalid password, cannot unlock any keyslot +qemu-io: can't open: Invalid password, cannot unlock any keyslot +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D add secret0 =3D=3D +=3D=3D erase secret3 =3D=3D + +=3D=3D only secret0 should work now =3D=3D +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +qemu-io: can't open: Invalid password, cannot unlock any keyslot +qemu-io: can't open: Invalid password, cannot unlock any keyslot +qemu-io: can't open: Invalid password, cannot unlock any keyslot + +=3D=3D replace secret0 with secret1 (should fail) =3D=3D +qemu-img: Can't update an active key slot 0 + +=3D=3D replace secret0 with secret1 with force (should work) =3D=3D + +=3D=3D only secret1 should work now =3D=3D +qemu-io: can't open: Invalid password, cannot unlock any keyslot +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +qemu-io: can't open: Invalid password, cannot unlock any keyslot +qemu-io: can't open: Invalid password, cannot unlock any keyslot + +=3D=3D erase last secret (should fail) =3D=3D +qemu-img: Only one slot active - can't erase +qemu-img: Only one slot active - can't erase +=3D=3D erase non existing secrets (should fail) =3D=3D +qemu-img: No secret with id 'sec5' +qemu-img: Didn't erase a keyslot, because no keyslots match the given pass= word + +=3D=3D erase last secret with force by slot (should work) =3D=3D + +=3D=3D we have no secrets now, data is lost forever =3D=3D +qemu-io: can't open: Invalid password, cannot unlock any keyslot +qemu-io: can't open: Invalid password, cannot unlock any keyslot +qemu-io: can't open: Invalid password, cannot unlock any keyslot +qemu-io: can't open: Invalid password, cannot unlock any keyslot +*** done diff --git a/tests/qemu-iotests/301 b/tests/qemu-iotests/301 new file mode 100755 index 0000000000..ba29bf10a0 --- /dev/null +++ b/tests/qemu-iotests/301 @@ -0,0 +1,90 @@ +# +# Copyright (C) 2019 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +# creator +owner=3Dmlevitsk@redhat.com + +seq=3D`basename $0` +echo "QA output created by $seq" + +status=3D1 # failure is the default! + +_cleanup() +{ + _cleanup_test_img +} +trap "_cleanup; exit \$status" 0 1 2 3 15 + +# get standard environment, filters and checks +. ./common.rc +. ./common.filter + +_supported_fmt luks +_supported_proto file #TODO + +QEMU_IO_OPTIONS=3D$QEMU_IO_OPTIONS_NO_FMT + +# you are supposed to see the password as *******, see :-) +S0=3D"--object secret,id=3Dsec0,data=3Dhunter0" +S1=3D"--object secret,id=3Dsec1,data=3Dhunter1" +SECRETS=3D"$S0 $S1" + + +IMGS0=3D"--image-opts driver=3D$IMGFMT,file.filename=3D$TEST_IMG,key-secre= t=3Dsec0" +IMGS1=3D"--image-opts driver=3D$IMGFMT,file.filename=3D$TEST_IMG,key-secre= t=3Dsec1" + +echo "=3D=3D creating a test image =3D=3D" +_make_test_img $S0 -o "key-secret=3Dsec0,iter-time=3D10" 32M + +echo +echo "=3D=3D test that key 0 opens the image =3D=3D" +$QEMU_IO $S0 -c "read 0 4096" $IMGS0 | _filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D adding a password to slot 1 =3D=3D" +$QEMU_IMG amend $SECRETS $IMGS0 -o active=3Don,key-secret=3Dsec1,slot=3D1,= iter-time=3D10 + +echo +echo "=3D=3D 'backup' the image header =3D=3D" +dd if=3D$TEST_IMG_FILE of=3D${TEST_IMG_FILE}.bk bs=3D4K skip=3D0 count=3D1 + +echo +echo "=3D=3D erase slot 0 =3D=3D" +$QEMU_IMG amend $SECRETS $IMGS1 -o active=3Doff,slot=3D0 | _filter_img_cre= ate + +echo +echo "=3D=3D test that key 0 doesn't open the image =3D=3D" +$QEMU_IO $S0 -c "read 0 4096" $IMGS0 | _filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D 'restore' the image header =3D=3D" +dd if=3D${TEST_IMG_FILE}.bk of=3D${TEST_IMG_FILE} bs=3D4K skip=3D0 count= =3D1 conv=3Dnotrunc + +echo +echo "=3D=3D test that key 0 still doesn't open the image (key material is= erased) =3D=3D" +$QEMU_IO $SECRETS -c "read 0 4096" $IMGS0 | _filter_qemu_io | _filter_test= dir + +echo +echo "=3D=3D test that key 1 still works =3D=3D" +$QEMU_IO $SECRETS -c "read 0 4096" $IMGS1 | _filter_qemu_io | _filter_test= dir + +echo "*** done" +rm -f $seq.full +status=3D0 + + +exit 0 diff --git a/tests/qemu-iotests/301.out b/tests/qemu-iotests/301.out new file mode 100644 index 0000000000..e653c30330 --- /dev/null +++ b/tests/qemu-iotests/301.out @@ -0,0 +1,30 @@ +QA output created by 301 +=3D=3D creating a test image =3D=3D +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D33554432 + +=3D=3D test that key 0 opens the image =3D=3D +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D adding a password to slot 1 =3D=3D + +=3D=3D 'backup' the image header =3D=3D +1+0 records in +1+0 records out + +=3D=3D erase slot 0 =3D=3D + +=3D=3D test that key 0 doesn't open the image =3D=3D +qemu-io: can't open: Invalid password, cannot unlock any keyslot + +=3D=3D 'restore' the image header =3D=3D +1+0 records in +1+0 records out + +=3D=3D test that key 0 still doesn't open the image (key material is erase= d) =3D=3D +qemu-io: can't open: Invalid password, cannot unlock any keyslot + +=3D=3D test that key 1 still works =3D=3D +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +*** done diff --git a/tests/qemu-iotests/302 b/tests/qemu-iotests/302 new file mode 100644 index 0000000000..ef33d6fff5 --- /dev/null +++ b/tests/qemu-iotests/302 @@ -0,0 +1,247 @@ +#!/usr/bin/env python +# +# Test case QMP's encrypted key management +# +# Copyright (C) 2019 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +import iotests +import os +import time + +test_img =3D os.path.join(iotests.test_dir, 'test.img') + +class Secret: + def __init__(self, index): + self._id =3D "keysec" + str(index) + # you are not supposed to see the password... + self._secret =3D "hunter" + str(index) + + def id(self): + return self._id + + def secret(self): + return self._secret + + def to_cmdline_object(self): + return [ "secret,id=3D" + self._id + ",data=3D" + self._secret] + + def to_qmp_object(self): + return { "qom_type" : "secret", "id": self.id(), + "props": { "data": self.secret() } } + +##########################################################################= ###### + +class EncryptionSetupTestCase(iotests.QMPTestCase): + + # test case startup + def setUp(self): + # start the VM + self.vm =3D iotests.VM() + self.vm.launch() + + # create the secrets and load 'em into the VM + self.secrets =3D [ Secret(i) for i in range(0, 4) ] + for secret in self.secrets: + result =3D self.vm.qmp("object-add", **secret.to_qmp_object()) + self.assert_qmp(result, 'return', {}) + + if iotests.imgfmt =3D=3D "qcow2": + self.pfx=3D"encrypt." + self.img_opts =3D [ '-o', "encrypt.format=3Dluks" ] + else: + self.pfx=3D"" + self.img_opts =3D [] + + + # test case shutdown + def tearDown(self): + # stop the VM + self.vm.shutdown() + + ######################################################################= ##### + # create the encrypted block device + def createImg(self, file, secret): + + iotests.qemu_img( + 'create', + '--object', *secret.to_cmdline_object(), + '-f', iotests.imgfmt, + '-o', self.pfx+'key-secret=3D' + secret.id(), + '-o', self.pfx+'iter-time=3D10', + *self.img_opts, + file, + '1M') + + ######################################################################= ##### + # open an encrypted block device + def openLUKS(self, id, file, secret): + if iotests.imgfmt =3D=3D "qcow2": + encrypt_options =3D { + 'encrypt': { + 'format':'luks', + 'key-secret' : secret.id()} + } + else: + encrypt_options =3D { + 'key-secret' : secret.id() + } + + result =3D self.vm.qmp('blockdev-add', ** + { + 'driver': iotests.imgfmt, + 'node-name': id, + + **encrypt_options, + + 'file': { + 'driver': 'file', + 'filename': test_img, + } + } + ) + self.assert_qmp(result, 'return', {}) + + # close the encrypted block device + def closeLUKS(self, id): + result =3D self.vm.qmp('blockdev-del', **{ 'node-name': id }) + self.assert_qmp(result, 'return', {}) + + ######################################################################= ##### + + # add a key to an encrypted block device + def addKey(self, id, secret, unlock_secret =3D None, slot =3D None, fo= rce =3D False): + + crypt_options =3D { + 'active': True, + 'key-secret' : secret.id(), + 'iter-time' : 10 + } + + if slot !=3D None: + crypt_options['slot'] =3D slot + if unlock_secret !=3D None: + crypt_options['unlock-secret'] =3D unlock_secret.id() + + if iotests.imgfmt =3D=3D "qcow2": + crypt_options['format'] =3D 'luks' + crypt_options =3D { + 'encrypt': crypt_options + } + + args =3D { + 'node-name': id, + 'job-id' : 'job0', + 'options' : { + 'driver' : iotests.imgfmt, + **crypt_options + }, + } + + if force =3D=3D True: + args['force'] =3D True + + #TODO: check what jobs return + result =3D self.vm.qmp('x-blockdev-amend', **args) + assert result['return'] =3D=3D {} + self.vm.run_job('job0') + + # erase a key from an encrypted block device + def eraseKey(self, id, secret =3D None, slot =3D None, force =3D False= ): + + crypt_options =3D { + 'active': False, + 'iter-time' : 10 + } + + if slot !=3D None: + crypt_options['slot'] =3D slot + if secret !=3D None: + crypt_options['key-secret'] =3D secret.id() + + if iotests.imgfmt =3D=3D "qcow2": + crypt_options['format'] =3D 'luks' + crypt_options =3D { + 'encrypt': crypt_options + } + + args =3D { + 'node-name': id, + 'job-id' : 'job1', + 'options' : { + 'driver' : iotests.imgfmt, + **crypt_options + }, + } + + if force =3D=3D True: + args['force'] =3D True + + result =3D self.vm.qmp('x-blockdev-amend', **args) + assert result['return'] =3D=3D {} + self.vm.run_job('job1') + + ######################################################################= ##### + # create image, and change its key + def testChangeKey(self): + + # create the image with secret0 and open it + self.createImg(test_img, self.secrets[0]); + self.openLUKS("testdev", test_img, self.secrets[0]) + + # add key to slot 1 + self.addKey("testdev", secret=3Dself.secrets[1]) + + + # erase key from slot 0 + self.eraseKey("testdev", secret=3Dself.secrets[0]) + + #reopen the image with secret1 + self.closeLUKS("testdev") + self.openLUKS("testdev", test_img, self.secrets[1]) + + # close and erase the image for good + self.closeLUKS("testdev") + os.remove(test_img) + + # test that if we erase the old password, + # we can still change the encryption keys using 'old-secret' + def testOldPassword(self): + + # create the image with secret0 and open it + self.createImg(test_img, self.secrets[0]); + self.openLUKS("testdev", test_img, self.secrets[0]) + + # add key to slot 1 + self.addKey("testdev", secret=3Dself.secrets[1]) + + # erase key from slot 0 + self.eraseKey("testdev", secret=3Dself.secrets[0]) + + # this will fail as the old password is no longer valid + self.addKey("testdev", secret=3Dself.secrets[2]) + + # this will work + self.addKey("testdev", secret=3Dself.secrets[2], unlock_secret=3Ds= elf.secrets[1]) + + # close and erase the image for good + self.closeLUKS("testdev") + os.remove(test_img) + + +if __name__ =3D=3D '__main__': + # Encrypted formats support + iotests.main(iotests.main(supported_fmts=3D['qcow2','luks'])) diff --git a/tests/qemu-iotests/302.out b/tests/qemu-iotests/302.out new file mode 100644 index 0000000000..78bfc0864c --- /dev/null +++ b/tests/qemu-iotests/302.out @@ -0,0 +1,18 @@ +.. +---------------------------------------------------------------------- +Ran 2 tests + +OK +{"execute": "job-dismiss", "arguments": {"id": "job0"}} +{"return": {}} +{"execute": "job-dismiss", "arguments": {"id": "job1"}} +{"return": {}} +{"execute": "job-dismiss", "arguments": {"id": "job0"}} +{"return": {}} +{"execute": "job-dismiss", "arguments": {"id": "job1"}} +{"return": {}} +Job failed: Invalid password, cannot unlock any keyslot +{"execute": "job-dismiss", "arguments": {"id": "job0"}} +{"return": {}} +{"execute": "job-dismiss", "arguments": {"id": "job0"}} +{"return": {}} diff --git a/tests/qemu-iotests/common.filter b/tests/qemu-iotests/common.f= ilter index 8e9235d6fe..a93808cac2 100644 --- a/tests/qemu-iotests/common.filter +++ b/tests/qemu-iotests/common.filter @@ -138,8 +138,10 @@ _filter_img_create() -e "s# block_state_zero=3D\\(on\\|off\\)##g" \ -e "s# log_size=3D[0-9]\\+##g" \ -e "s# refcount_bits=3D[0-9]\\+##g" \ - -e "s# key-secret=3D[a-zA-Z0-9]\\+##g" \ - -e "s# iter-time=3D[0-9]\\+##g" \ + -e "s# \\(encrypt\\.\\)\\?key-secret=3D[a-zA-Z0-9]\\+##g" \ + -e "s# \\(encrypt\\.\\)\\?slot=3D[0-9]\\+##g" \ + -e "s# \\(encrypt\\.\\)\\?iter-time=3D[0-9]\\+##g" \ + -e "s# encrypt\\.format=3D[a-zA-Z0-9]\\+##g" \ -e "s# force_size=3D\\(on\\|off\\)##g" } =20 diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group index d95d556414..cc2c824b7d 100644 --- a/tests/qemu-iotests/group +++ b/tests/qemu-iotests/group @@ -274,3 +274,11 @@ 257 rw 258 rw quick 262 rw quick migration + + + + + +300 rw auto +301 rw auto quick +302 rw auto --=20 2.17.2